sasl: Fixed Kerberos V5 inclusion when CURL_DISABLE_CRYPTO_AUTH is used
Typically the USE_WINDOWS_SSPI definition would not be used when the CURL_DISABLE_CRYPTO_AUTH define is; however, it is still a valid build configuration and, as such, the SASL Kerberos V5 (GSSAPI) authentication data structures and functions would incorrectly be used when they shouldn't be. Introduced a new USE_KRB5 definition that takes into account the use of CURL_DISABLE_CRYPTO_AUTH like USE_SPNEGO and USE_NTLM do.
		| @@ -53,7 +53,7 @@ | ||||
| /* The last #include file should be: */ | ||||
| #include "memdebug.h" | ||||
|  | ||||
| #if defined(USE_WINDOWS_SSPI) | ||||
| #if defined(USE_KRB5) | ||||
| extern void Curl_sasl_gssapi_cleanup(struct kerberos5data *krb5); | ||||
| #endif | ||||
|  | ||||
| @@ -722,7 +722,7 @@ CURLcode Curl_sasl_create_xoauth2_message(struct SessionHandle *data, | ||||
|  */ | ||||
| void Curl_sasl_cleanup(struct connectdata *conn, unsigned int authused) | ||||
| { | ||||
| #if defined(USE_WINDOWS_SSPI) | ||||
| #if defined(USE_KRB5) | ||||
|   /* Cleanup the gssapi structure */ | ||||
|   if(authused == SASL_MECH_GSSAPI) { | ||||
|     Curl_sasl_gssapi_cleanup(&conn->krb5); | ||||
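Review bot: `Curl_sasl_gssapi_cleanup()` is still prototyped by hand with `extern` in the first hunk here, and again in the file that defines it (the section whose first hunk is `@@ -44,7 +44,9 @@`). Every guard change therefore has to be repeated in both places, and a signature drift between the two copies would not be diagnosed. The header section of this commit already has a `#if defined(USE_KRB5)` … `#endif /* USE_KRB5 */` block for the GSSAPI message prototypes; moving `void Curl_sasl_gssapi_cleanup(struct kerberos5data *krb5);` into it and dropping both local copies would let the compiler check the definition against the declaration. The bare `#endif` after the prototype could also read `#endif /* USE_KRB5 */`, as the header's `#endif` now does. The body of `Curl_sasl_cleanup()` continues outside the second hunk.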
|   | ||||
| @@ -28,7 +28,7 @@ struct SessionHandle; | ||||
| struct connectdata; | ||||
| struct ntlmdata; | ||||
|  | ||||
| #if defined(USE_WINDOWS_SSPI) | ||||
| #if defined(USE_KRB5) | ||||
| struct kerberos5data; | ||||
| #endif | ||||
|  | ||||
| @@ -123,7 +123,7 @@ CURLcode Curl_sasl_create_ntlm_type3_message(struct SessionHandle *data, | ||||
|  | ||||
| #endif /* USE_NTLM */ | ||||
|  | ||||
| #if defined(USE_WINDOWS_SSPI) | ||||
| #if defined(USE_KRB5) | ||||
| /* This is used to generate a base64 encoded GSSAPI (Kerberos V5) user token | ||||
|    message */ | ||||
| CURLcode Curl_sasl_create_gssapi_user_message(struct SessionHandle *data, | ||||
| @@ -142,7 +142,7 @@ CURLcode Curl_sasl_create_gssapi_security_message(struct SessionHandle *data, | ||||
|                                                   struct kerberos5data *krb5, | ||||
|                                                   char **outptr, | ||||
|                                                   size_t *outlen); | ||||
| #endif | ||||
| #endif /* USE_KRB5 */ | ||||
|  | ||||
| /* This is used to generate a base64 encoded XOAUTH2 authentication message | ||||
|    containing the user name and bearer token */ | ||||
|   | ||||
| @@ -44,7 +44,9 @@ | ||||
| /* The last #include file should be: */ | ||||
| #include "memdebug.h" | ||||
|  | ||||
| #if defined(USE_KRB5) | ||||
| void Curl_sasl_gssapi_cleanup(struct kerberos5data *krb5); | ||||
| #endif | ||||
|  | ||||
| /* | ||||
|  * Curl_sasl_build_spn() | ||||
| @@ -269,9 +271,9 @@ CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data, | ||||
|  | ||||
|   return result; | ||||
| } | ||||
|  | ||||
| #endif /* !CURL_DISABLE_CRYPTO_AUTH */ | ||||
|  | ||||
| #if defined(USE_KRB5) | ||||
| /* | ||||
|  * Curl_sasl_create_gssapi_user_message() | ||||
|  * | ||||
| @@ -703,5 +705,6 @@ void Curl_sasl_gssapi_cleanup(struct kerberos5data *krb5) | ||||
|   /* Reset any variables */ | ||||
|   krb5->token_max = 0; | ||||
| } | ||||
| #endif /* USE_KRB5 */ | ||||
|  | ||||
| #endif /* USE_WINDOWS_SSPI */ | ||||
|   | ||||
| @@ -608,12 +608,18 @@ int netware_init(void); | ||||
| #define USE_SSL    /* SSL support has been enabled */ | ||||
| #endif | ||||
|  | ||||
| /* Single point where USE_SPNEGO definition might be defined */ | ||||
| #if !defined(CURL_DISABLE_CRYPTO_AUTH) && \ | ||||
|     (defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)) | ||||
| #define USE_SPNEGO | ||||
| #endif | ||||
|  | ||||
| /* Single point where USE_NTLM definition might be done */ | ||||
| /* Single point where USE_KRB5 definition might be defined */ | ||||
| #if !defined(CURL_DISABLE_CRYPTO_AUTH) && defined(USE_WINDOWS_SSPI) | ||||
| #define USE_KRB5 | ||||
| #endif | ||||
|  | ||||
| /* Single point where USE_NTLM definition might be defined */ | ||||
| #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_NTLM) && \ | ||||
|     !defined(CURL_DISABLE_CRYPTO_AUTH) | ||||
| #if defined(USE_SSLEAY) || defined(USE_WINDOWS_SSPI) || \ | ||||
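Review bot: The comment on the new `USE_KRB5` block does not say that the macro is tied to `USE_WINDOWS_SSPI` alone, while `USE_SPNEGO` directly above also accepts `HAVE_GSSAPI`; someone building against GSS-API could assume SASL Kerberos V5 is enabled there too. I would spell it out, for example `/* Single point where USE_KRB5 definition might be defined; only set for Windows SSPI builds, HAVE_GSSAPI alone does not enable it */`. It would also help to document that `CURL_DISABLE_CRYPTO_AUTH` now removes the GSSAPI branch from the IMAP, POP3 and SMTP mechanism selection patched later in this commit. Those clients then negotiate whatever remains further down their "decreasing order of security" chain.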
|   | ||||
| @@ -1300,7 +1300,7 @@ static CURLcode imap_state_auth_ntlm_type2msg_resp(struct connectdata *conn, | ||||
| } | ||||
| #endif | ||||
|  | ||||
| #if defined(USE_WINDOWS_SSPI) | ||||
| #if defined(USE_KRB5) | ||||
| /* For AUTHENTICATE GSSAPI (without initial response) responses */ | ||||
| static CURLcode imap_state_auth_gssapi_resp(struct connectdata *conn, | ||||
|                                             int imapcode, | ||||
| @@ -1911,7 +1911,7 @@ static CURLcode imap_statemach_act(struct connectdata *conn) | ||||
|       break; | ||||
| #endif | ||||
|  | ||||
| #if defined(USE_WINDOWS_SSPI) | ||||
| #if defined(USE_KRB5) | ||||
|     case IMAP_AUTHENTICATE_GSSAPI: | ||||
|       result = imap_state_auth_gssapi_resp(conn, imapcode, imapc->state); | ||||
|       break; | ||||
| @@ -2803,7 +2803,7 @@ static CURLcode imap_calc_sasl_details(struct connectdata *conn, | ||||
|  | ||||
|   /* Calculate the supported authentication mechanism, by decreasing order of | ||||
|      security, as well as the initial response where appropriate */ | ||||
| #if defined(USE_WINDOWS_SSPI) | ||||
| #if defined(USE_KRB5) | ||||
|     if((imapc->authmechs & SASL_MECH_GSSAPI) && | ||||
|        (imapc->prefmech & SASL_MECH_GSSAPI)) { | ||||
|     imapc->mutual_auth = FALSE; /* TODO: Calculate mutual authentication */ | ||||
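Review bot: The GSSAPI branch kept under the new `USE_KRB5` guard in `imap_calc_sasl_details()` still hard-codes `imapc->mutual_auth = FALSE`, so mutual authentication is never requested on this path and the TODO is carried forward unchanged. The same line sits in `pop3_calc_sasl_details()` and `smtp_calc_sasl_details()` in the two sections below. Until the value is computed, the comment should state the consequence, e.g. `/* TODO: Calculate mutual authentication; until then it is never requested */`. How the flag is consumed is not visible in these hunks, so the exact effect on the Kerberos exchange should be confirmed against the SSPI message code. The rest of the mechanism chain lies outside the hunk.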
|   | ||||
| @@ -1131,7 +1131,7 @@ static CURLcode pop3_state_auth_ntlm_type2msg_resp(struct connectdata *conn, | ||||
| } | ||||
| #endif | ||||
|  | ||||
| #if defined(USE_WINDOWS_SSPI) | ||||
| #if defined(USE_KRB5) | ||||
| /* For AUTH GSSAPI (without initial response) responses */ | ||||
| static CURLcode pop3_state_auth_gssapi_resp(struct connectdata *conn, | ||||
|                                             int pop3code, | ||||
| @@ -1591,7 +1591,7 @@ static CURLcode pop3_statemach_act(struct connectdata *conn) | ||||
|       break; | ||||
| #endif | ||||
|  | ||||
| #if defined(USE_WINDOWS_SSPI) | ||||
| #if defined(USE_KRB5) | ||||
|     case POP3_AUTH_GSSAPI: | ||||
|       result = pop3_state_auth_gssapi_resp(conn, pop3code, pop3c->state); | ||||
|       break; | ||||
| @@ -2121,7 +2121,7 @@ static CURLcode pop3_calc_sasl_details(struct connectdata *conn, | ||||
|  | ||||
|   /* Calculate the supported authentication mechanism, by decreasing order of | ||||
|      security, as well as the initial response where appropriate */ | ||||
| #if defined(USE_WINDOWS_SSPI) | ||||
| #if defined(USE_KRB5) | ||||
|   if((pop3c->authmechs & SASL_MECH_GSSAPI) && | ||||
|       (pop3c->prefmech & SASL_MECH_GSSAPI)) { | ||||
|     pop3c->mutual_auth = FALSE; /* TODO: Calculate mutual authentication */ | ||||
|   | ||||
| @@ -1150,7 +1150,7 @@ static CURLcode smtp_state_auth_ntlm_type2msg_resp(struct connectdata *conn, | ||||
| } | ||||
| #endif | ||||
|  | ||||
| #if defined(USE_WINDOWS_SSPI) | ||||
| #if defined(USE_KRB5) | ||||
| /* For AUTH GSSAPI (without initial response) responses */ | ||||
| static CURLcode smtp_state_auth_gssapi_resp(struct connectdata *conn, | ||||
|                                             int smtpcode, | ||||
| @@ -1630,7 +1630,7 @@ static CURLcode smtp_statemach_act(struct connectdata *conn) | ||||
|       break; | ||||
| #endif | ||||
|  | ||||
| #if defined(USE_WINDOWS_SSPI) | ||||
| #if defined(USE_KRB5) | ||||
|     case SMTP_AUTH_GSSAPI: | ||||
|       result = smtp_state_auth_gssapi_resp(conn, smtpcode, smtpc->state); | ||||
|       break; | ||||
| @@ -2221,7 +2221,7 @@ static CURLcode smtp_calc_sasl_details(struct connectdata *conn, | ||||
|  | ||||
|   /* Calculate the supported authentication mechanism, by decreasing order of | ||||
|      security, as well as the initial response where appropriate */ | ||||
| #if defined(USE_WINDOWS_SSPI) | ||||
| #if defined(USE_KRB5) | ||||
|   if((smtpc->authmechs & SASL_MECH_GSSAPI) && | ||||
|      (smtpc->prefmech & SASL_MECH_GSSAPI)) { | ||||
|     smtpc->mutual_auth = FALSE; /* TODO: Calculate mutual authentication */ | ||||
|   | ||||
| @@ -419,7 +419,7 @@ typedef enum { | ||||
| #endif | ||||
|  | ||||
| /* Struct used for GSSAPI (Kerberos V5) authentication */ | ||||
| #if defined(USE_WINDOWS_SSPI) | ||||
| #if defined(USE_KRB5) | ||||
| struct kerberos5data { | ||||
|   CredHandle *credentials; | ||||
|   CtxtHandle *context; | ||||
| @@ -980,7 +980,7 @@ struct connectdata { | ||||
|   struct sockaddr_in local_addr; | ||||
| #endif | ||||
|  | ||||
| #if defined(USE_WINDOWS_SSPI) /* Consider moving some of the above GSS-API */ | ||||
| #if defined(USE_KRB5)         /* Consider moving some of the above GSS-API */ | ||||
|   struct kerberos5data krb5;  /* variables into the structure definition, */ | ||||
| #endif                        /* however, some of them are ftp specific. */ | ||||
|  | ||||
|   | ||||
	 Steve Holme
					Steve Holme